diff --git a/Documentation/Developers/CHANGELOG-RENE b/Documentation/Developers/CHANGELOG-RENE index ea8e2c132..f6b516299 100644 --- a/Documentation/Developers/CHANGELOG-RENE +++ b/Documentation/Developers/CHANGELOG-RENE @@ -1,4 +1,8 @@ +*) 2003-11-13 (2.0.0-rc2 - 2.0.0-rc3) + + - Sebastian Jaenicke: added zebra security patches + *) 2003-11-12 (2.0.0-rc2 - 2.0.0-rc3) - Juergen Sawinski: fixed rene/nxcomp to only install the major library diff --git a/package/tsa/zebra/50zebra-0.91a-netlink.patch b/package/tsa/zebra/50zebra-0.91a-netlink.patch new file mode 100644 index 000000000..10a340aa7 --- /dev/null +++ b/package/tsa/zebra/50zebra-0.91a-netlink.patch 
@@ -0,0 +1,71 @@
+--- zebra-0.91a/zebra/rt_netlink.c.netlink Tue Jan 23 03:10:04 2001
++++ zebra-0.91a/zebra/rt_netlink.c Wed Oct 29 22:46:44 2003
+@@ -46,9 +46,8 @@
+ int seq;
+ struct sockaddr_nl snl;
+ char *name;
+-} netlink = { -1, 0, {0}, "netlink-listen" }, /* kernel messages */
+- netlink_cmd = { -1, 0, {0}, "netlink-cmd" }, /* command channel */
+- netlink_addr = {-1, 0, {0}, "netlink-addr" }; /* address channel */
++} netlink_sock ={ -1, 0, {0}, "netlink-listen" }, /* kernel messages */
++ netlink_cmd = { -1, 0, {0}, "netlink-cmd" }; /* command channel */
+ 
+ struct message nlmsg_str[] =
+ {
+@@ -206,6 +205,13 @@
+ return -1;
+ }
+ 
++ /* JF: Ignore messages that aren't from the kernel */
++ if ( snl.nl_pid != 0 )
++ {
++ zlog ( NULL, LOG_ERR, "Ignoring message from pid %u", snl.nl_pid );
++ continue;
++ }
++
+ for (h = (struct nlmsghdr *) buf; NLMSG_OK (h, status);
+ h = NLMSG_NEXT (h, status))
+ {
+@@ -1052,7 +1058,7 @@
+ snl.nl_family = AF_NETLINK;
+ 
+ /* Talk to netlink socket. */
+- ret = netlink_talk (&req.n, &netlink);
++ ret = netlink_talk (&req.n, &netlink_sock);
+ if (ret < 0)
+ return -1;
+ 
+@@ -1270,7 +1276,7 @@
+ if (family == AF_INET)
+ nl = &netlink_cmd;
+ else
+- nl = &netlink;
++ nl = &netlink_sock;
+ 
+ /* Talk to netlink socket. */
+ return netlink_talk (&req.n, nl);
+@@ -1384,8 +1390,8 @@
+ int sock;
+ 
+ sock = THREAD_FD (thread);
+- ret = netlink_parse_info (netlink_information_fetch, &netlink);
+- thread_add_read (master, kernel_read, NULL, netlink.sock);
++ ret = netlink_parse_info (netlink_information_fetch, &netlink_sock);
++ thread_add_read (master, kernel_read, NULL, netlink_sock.sock);
+ 
+ return 0;
+ }
+@@ -1401,10 +1407,10 @@
+ #ifdef HAVE_IPV6
+ groups |= RTMGRP_IPV6_ROUTE|RTMGRP_IPV6_IFADDR;
+ #endif /* HAVE_IPV6 */
+- netlink_socket (&netlink, groups);
++ netlink_socket (&netlink_sock, groups);
+ netlink_socket (&netlink_cmd, 0);
+ 
+ /* Register kernel socket. */
+- if (netlink.sock > 0)
+- thread_add_read (master, kernel_read, NULL, netlink.sock);
++ if (netlink_sock.sock > 0)
++ thread_add_read (master, kernel_read, NULL, netlink_sock.sock);
+ }
diff --git a/package/tsa/zebra/60zebra-0.91a-remote_dos.patch b/package/tsa/zebra/60zebra-0.91a-remote_dos.patch
new file mode 100644
index 000000000..6b8ccccd4
--- /dev/null
+++ b/package/tsa/zebra/60zebra-0.91a-remote_dos.patch
@@ -0,0 +1,23 @@
+--- zebra-0.91a/lib/vty.c.orig Thu Feb 1 02:18:05 2001
++++ zebra-0.91a/lib/vty.c Wed Oct 15 19:50:34 2003
+@@ -1103,13 +1103,16 @@
+ break;
+ case SE:
+ {
+- char *buffer = (char *)vty->sb_buffer->head->data;
+- int length = vty->sb_buffer->length;
++ char *buffer;
++ int length;
+ 
+- if (buffer == NULL)
++ if (!vty->iac_sb_in_progress)
+ return 0;
+ 
+- if (!vty->iac_sb_in_progress)
++ buffer = (char *)vty->sb_buffer->head->data;
++ length = vty->sb_buffer->length;
++
++ if (buffer == NULL)
+ return 0;
+ 
+ if (buffer[0] == '\0')
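Review bot: In 50zebra-0.91a-netlink.patch, the new `snl.nl_pid != 0` branch logs every dropped message at `LOG_ERR` with no rate limit, so the non-kernel sender this check is meant to shut out can still cause unbounded log growth from the receive loop. Logging at a lower priority, or only once per interval, would avoid that. Naming the socket would also help triage, e.g. `zlog (NULL, LOG_WARNING, "%s: ignoring netlink message from pid %u", nl->name, snl.nl_pid);`, assuming the enclosing function takes the socket as `nl`, which is outside the hunk. The same patch also renames `netlink` to `netlink_sock` and drops `netlink_addr` without explanation. A short header in the patch file stating its origin and the reason for the rename would make it easier to audit against upstream.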
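Review bot: In the `case SE:` branch of 60zebra-0.91a-remote_dos.patch, `vty->sb_buffer->head->data` is still read without checking `vty->sb_buffer->head`, and `buffer[0]` is read without checking `length`; the `buffer == NULL` test covers only `data`. If a suboption can be in progress with nothing buffered (not visible in this hunk), moving the `iac_sb_in_progress` test first does not by itself remove the NULL dereference on this telnet-facing path. A guard before the two assignments would close it: `if (vty->sb_buffer->head == NULL || vty->sb_buffer->length < 1) return 0;`. The `case SE:` block continues past the end of the hunk, so the later uses of `buffer` and `length` should be checked against the same assumption.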